In August, the Federal Trade Commission (“FTC”) released a staff report concerning mobile shopping applications (“apps”). FTC staff reviewed some of the most popular apps consumers utilize to comparison shop, collect and redeem deals and discounts, and pay in-store with their mobile devices. This new report focused on shopping apps offering price comparison, special deals, and mobile payments. The August report is available here.

Popularity of Mobile Shopping Apps/FTC Interest

Shoppers can empower themselves in the retail environment by comparison shopping via their smartphones in real-time. According to a 2014 Report by the Board of Governors of the Federal Reserve System, 44% of smartphone owners report using their mobile phones to comparison shop while in retail store, and 68% of those consumers changed where they made a purchase as a result. Consumers can also get instant coupons and deals to present at checkout. With a wave of a phone at the checkout counter, consumers can then make purchases.

While the shopping apps have surged in popularity, the FTC staff is concerned about consumer protection, data security and privacy issues associated with the apps. The FTC studied what types of disclosures and practices control in the event of unauthorized transactions, billing errors, or other payment-related disputes. The agency also examined the disclosures that apps provide to consumers concerning data privacy and security.

Apps Lack Important Information

FTC staff concluded that many of the apps they reviewed failed to provide consumers with important pre-download information. In particular, only a few of the in-store purchase apps gave consumers information describing how the app handled payment-related disputes and consumers’ liability for charges (including unauthorized charges).

FTC staff determined that fourteen out of thirty in-store purchase apps did not disclose whether they had any dispute resolution or liability limits policies prior to download. And, out of sixteen apps that provided pre-download information about dispute resolution procedures or liability limits, only nine of those apps provided written protections for users. Some apps disclaimed all liability for losses.

Data Security Information Vague

FTC staff focused particular attention on data privacy and security, because more than other technologies, mobile devices are personal to a user, always on, and frequently with the user. These features enable an app to collect a huge amount of information, such as location, interests, and affiliations, which could be shared broadly with third parties. Staff noted that, “while almost all of the apps stated that they share personal data, 29 percent of price comparison apps, 17 percent of deal apps, and 33 percent of in-store purchase apps reserved the right to share users’ personal data without restriction.”

Staff concluded that while privacy disclosures are improving, they tend to be overly broad and confusing. In addition, app developers may not be considering whether they even have a business need for all the information they are collecting. As to data security, staff noted it did not test the services to verify the security promises made. However, FTC staff reminded companies that it has taken enforcement actions against mobile apps it believed to have failed to secure personal data (such as Snapchat and Credit Karma). The report states, “Staff encourages vendors of shopping apps, and indeed vendors of all apps that collect consumer data, to secure the data they collect. Further those apps must honor any representations about security that they make to consumers.”

FTC Staff Recommends Better Disclosures and Data Security Practices

The report urges companies to disclose to consumers their rights and liability limits for unauthorized, fraudulent, or erroneous transactions. Organizations offering these shopping apps should also explain to consumers what protections they have based on their methods of payment and what options are available for resolving payment and billing disputes. Companies should provide clear, detailed explanations for how they collect, use and share consumer data. And, apps must put promises into practice by abiding by data security representations.

Consumer Responsibility Plays Role, Too

Importantly, the FTC staff report does not place the entire burden on companies offering the mobile apps. Rather, FTC staff urge consumers to be proactive when using these apps. The staff report recommends that consumers look for and consider the dispute resolution and liability limits of the apps they download. Consumers should also analyze what payment method to use when purchasing via these apps. If consumers cannot find sufficient information, they should consider an alternative app, or make only small purchases.

While a great “deal” could be available with a click on a smartphone, the FTC staff urges consumers to review available information on how their personal and financial data may be collected, used and shared while they get that deal. If consumers are not satisfied with the information provided regarding data privacy and security, then staff recommends that they choose a different app, or limit the financial and personal financial data they provide. (Though that last piece of advice may not be practical considering most shopping apps require a certain level of personal and financial information simply to complete a transaction).

Deal or No Deal? FTC Will be Watching New Shopping Apps

FTC Staff has concerns about mobile payments and will continue to focus on consumer protections. The agency has taken several enforcement actions against companies for failing to secure personal and payment information and it does not appear to be slowing down. While the FTC recognizes the benefits of these new shopping and payment technologies, it is also keenly aware of the enormous amount of data obtained by companies when consumers use these services. Thus, companies should anticipate that the FTC will continue to monitor shopping and deal apps with particular attention on disclosures and data practices.

Restaurant chain Applebee’s has joined other businesses such as Overstock.com, Hilton, Capitol One, and Bass Pro Shops as defendants in purported class action lawsuits alleging that they illegally recorded calls to or from California residents. In fact, plaintiffs have filed hundreds of individual and class actions in California courts under California’s various eavesdropping/call recording laws. Potential damages can include an award of $ 5,000 per violation – thus the damages in class actions could lead to multi-million dollar judgments and settlements. Capitol One recently settled a purported class action involving residents in California and several other states for $ 3 million dollars. Bass Pro Shops settled for $ 6 million, and Shell Oil forked out $ 2 million to resolve recent claims.

California is one of 12 states that require “two party” or “all party” consent to call recording. The majority of states (and the federal standard) only require that one party consent. So, in other words, if the recording party consents, that generally constitutes sufficient consent in most states. Further, in most states, if companies announce at the outset that the call is being monitored or recorded, that announcement has been sufficient to provide at least implicit consent where the parties continue with the call following the announcement. In the Appleee’s case, however, the plaintiff contends that she (and others) never received a notification that her call was recorded.

Applebee’s Suit Alleges Recording on Wireless Phone

Plaintiff Joneeta Byrd contends that in November 2013, she called Applebee’s customer service number from a wireless telephone. She alleges she was not aware that Applebee’s recorded the call, and that the customer service representative did not inform her that the call was being recorded. At some point after the call, Byrd claims she learned that Applebee’s records all incoming calls. Byrd contends that Applebee’s does not always disclose the recording to every caller. According to the complaint, “Plaintiff believes that the total number of Class members is at least in the tens of thousands and members of the Class are numerous and geographically dispersed across California.”

Byrd’s lawsuit is based on California’s Penal Code, Section 632.7, which prohibits the intentional recording of any telephone communication without the consent of all parties where at least one party is using a cordless or cellular phone. It also provides for criminal fines and imprisonment. It differs from, and has arguably broader coverage than another section of California’s law, Section 632, which bars the eavesdropping or recording of confidential communications (i.e., where the caller had a reasonable expectation of privacy), without the consent of all parties to the confidential communication. While some courts have dismissed claims under Section 632, they have allowed claims under Section 632.7 to go forward – often reasoning that the California legislature intended more stringent protections for mobile phone conversations.

Hilton Hotels Decision Holds the Law Not Intended to Cover Parties

A recent decision involving Hilton Hotels may provide some relief for companies in California Section 622.7 call recording suits. The district court (on remand) held that Section 632.7 only applies to third party recording of a wireless telephone conversation – and does not include recording by a party to the call. The order is available here. Specifically, the district court concluded that “[t]he statutory scheme makes it clear that these sections refer to the actual interception or reception of these radio signals by third parties and do not restrict the parties to a call from recording those calls.” The court further ruled that Hilton had consent and that California’s legislature “did not limit the service observing monitoring of calls that it is alleged in this case.” The plaintiff has appealed this decision.

Top “5” Recommendations When Recording Customer Service Calls

Applebee’s case and the other call recording cases serve as useful reminders on call recording. As counsel to many companies and call centers utilizing call recording for quality control and service monitoring, we generally recommend this top 5 list:

Announce/Maintain — At the outset of a call, announce the call is being monitored and/or recorded. Maintain proof of the announcement in the event of litigation.

Incoming & Outgoing Covered — Remember, both incoming and outgoing calls are covered, so make sure you inform all parties – whether they have called in or your company has called them – that the calls are recorded and/or monitored.

Objections — If there is an objection, consider offering a non-monitored line. In any event, do not continue the call with the objecting party.

Customer Service Rep Consent Form — Upon hire, consider having customer service representatives sign an acknowledgement and agreement that their calls may be monitored or recorded. Maintain copies of these consent forms in employee files.

Train customer service representatives – Make sure customer service representatives can explain the call recording policy if asked. A consistent organization-wide message that accurately states the standard procedure helps ameliorate consumer concerns, and in the event of litigation, can bolster a defense.

In this health-conscious age, consumers are always on the lookout for new products which will improve wellness and quality of life. Marketers attuned to this trend may be tempted to increase sales by extolling the virtues of their products, even if health claims are unsubstantiated by scientific testing. A recent FTC case, however, demonstrates the price that advertisers pay for overstating health claims.

The FTC filed a case against TriVita Inc., a dietary supplement company, for its marketing of the Nopalea cactus juice drink. The beverage was widely advertised in television infomercials and online as an “anti-inflammatory wellness drink.” Nopalea includes juice from the nopal cactus, also known as the “prickly pear.” TriVita’s “Chief Science Officer” stated that the nopal cactus is proven to reduce inflammation, which he linked to Alzheimer’s disease, allergies, diabetes, and heart disease. TriVita sold each 32-ounce bottle of Nopalea for $39.99, plus shipping and handling.

According to the FTC’s complaint, the Nopalea infomercial was one of the most frequently aired commercials in the United States. The ads stated that the juice would relieve pain, reduce swelling in joints and muscles, and improve breathing. Infomercials featured “customer testimonials” in which individuals stated that Nopalea helped relieve them of symptoms of a wide variety of conditions, including inflammation, chronic pain, respiratory conditions, and skin conditions. However, the FTC alleged that these individuals were paid for their endorsements, a fact not sufficiently disclosed in the advertisements. When customers called the toll-free number advertised, sales representatives told customers that Nopalea would make them “pain-free,” according to the FTC’s complaint. The health representations had not been substantiated with scientific studies at the time they were made.

The FTC filed its complaint and request for permanent injunction on July 10, 2014. On July 11, the FTC filed a stipulated settlement order in which TriVita agreed to forfeit $3.5 million to the FTC. The order prohibits the defendants from marketing Nopal cactus products using unsubstantiated or misleading health claims, and from using paid endorsers unless any material connection between the individual and the company is clearly and prominently disclosed.

The multi-million dollar settlement in this case should serve as a warning to marketers who are tempted to overstate health claims in order to generate traffic and sales. The FTC takes health claims seriously and reviews health-related ads with extra scrutiny, so specific claims should only be made when supported by solid, scientific proof, and any paid testimonials should be clearly disclosed. As the cactus juice company learned, failure to comply with these standards will lead to a prickly situation.

In what could become the largest ever settlement in a case brought in the 22 year history of the Telephone Consumer Protection Act (“TCPA”), Capital One and three collection agencies agreed to pay over $75 million into a settlement fund to settle a consolidated class action lawsuit alleging that the companies used an automatic telephone dialing system (“ATDS”) or prerecorded voices to call more than 21 million consumers’ cell phones without their consent.

Although the settlement covers several different lawsuits that were consolidated, the allegations in those suits are largely the same. The plaintiffs alleged that Capital One and the other defendants violated the TCPA by using an ATDS or prerecorded voices to call the plaintiffs about debt collection. Debt collection calls are treated differently than other telemarketing calls under the TCPA, but still require a prior express consent from the consumer. The plaintiffs alleged that no consent was ever obtained by the defendants.

Capital One and the three collection agencies are not admitting any liability in the litigation. The settlement agreement also requires the defendants to conform their telemarketing practices and procedures to comply with the TCPA. Capital One has already developed and implemented changes to its calling systems designed to prevent future violations of the TCPA.

The U.S. District Court for the Northern District of Illinois offered its preliminary approval of the settlement last week and it must still be given final approval. The final approval hearing is scheduled for December 2, 2014. Opposition to the settlement terms and size could emerge in the meantime.

This settlement is a valuable reminder of the expensive consequences that can occur if a company’s marketing practices are not closely monitored for compliance with applicable laws. TCPA litigation has been increasing significantly in the past few years. Settlements like the one in this case will further encourage plaintiff’s attorneys to bring additional cases. All companies should review their calling campaigns – whether telemarketing, appointment setting, customer service, debt collection, or otherwise to ensure RCPA compliance. With more and more consumers opting to rely on mobile phone over residential lines, it is increasingly important to obtain prior consent for autodialed or prerecorded calls to mobile lines.

In an important decision in a federal court case in New Jersey, In Re Nickelodeon Privacy Litigation, Google and Viacom obtained a dismissal of a claim against them under the Video Privacy Protection Act (“VPPA”). The decision narrows the scope of who can be liable under the VPPA and what information is within the scope of the statute.

Congress passed the VPPA in 1988 after Robert Bork, a nominee for the U.S. Supreme Court, had his video rental history published during the nomination process. While Judge Bork’s viewing habits were unremarkable, members of Congress became understandably concerned that any individual’s private viewing information could easily be made public. The VPPA makes any “video tape service provider” that discloses rental information outside the ordinary course of business liable for $2,500 in damages per person, in addition to attorneys’ fees and punitive damages. There is no cap on the damages that plaintiffs can be awarded under the statute and cases are typically brought as class actions with large groups of plaintiffs.

In 2013, Congress passed and President Obama signed the first major change to the VPPA since it was enacted, the Video Privacy Protection Act Amendments Act of 2012. These amendments made it easier for companies to obtain consent from consumers to share their video viewing history. The amendment removed the requirement that video service providers obtain written consent from users every time a user’s viewing choice is disclosed. Additionally, the amendment allowed for a provider to obtain a user’s consent online and that the consent can apply on an ongoing basis for two years as long as the user is given the opportunity to withdraw that consent. The amendments were enacted in response to the interest by consumers in sharing videos on social media platforms.

Viacom owns and operates three websites through which users can stream videos and play video games. The plaintiffs in the lawsuit were registered users of those websites. When a user registered with the site, that individual would be assigned a code name based on that user’s gender and age. The plaintiffs alleged that the user code name would be combined with a code that identified which videos the user watched and that code was disclosed by Viacom to Google. The plaintiffs sued Viacom and Google alleging among other things that this disclosure was a violation of the VPPA.

The VPPA claim against Google was dismissed because the court found that Google was not a “video tape service provider” (“VTSP”) as required for liability under the statute. The court reasoned that Google is not “engaged in the business of renting, selling, or delivering either video tapes or similar audio materials.” Some courts have shown a willingness to extend the definition of a VTSP to companies such as Hulu and Netflix that offer video-streaming services, but the court in this case stopped short of extending it to Google, a company that does not offer video services as its main business.

The VPPA claim against Viacom failed because the court found that, even if Viacom were a VTSP, an issue the court did not reach, Viacom did not release personally identifiable information to Google, which is required to have occurred under the VPPA. The court concluded that “anonymous user IDs, a child’s gender and age, and information about the computer used to access Viacom’s websites” – even if disclosed by Viacom – were not personally identifiable information.

With its potential for large damages there has been a recent uptick in cases filed under the VPPA. Recently, plaintiffs have filed cases against well-known media companies including Hulu, Netflix, ESPN, the Cartoon Network, and The Wall Street Journal. These cases have started to show a trend in shifting away from the intended defendants, companies whose main line of business is renting and selling videos, and toward companies that provide streaming video as part of their business.

The line drawn by the court in this case of who can be considered a VTSP could be a significant win for companies that offer mobile apps with streaming video capabilities by limiting the definition of a VTSP to companies that are in the business of renting or selling videos. Such a limitation would be welcome by many operators of new technologies. Given the vast number of devices and platforms that deliver video content of some kind, an expansion of the definition of a VTSP could lead to a flood of litigation involving companies that are not in the business of renting or selling videos and were not the intended defendants under the statute.

While this decision will not stop the recent uptick in VPPA litigation, it will provide courts with guidance as how to determine who should be liable under the VPPA. The text of the VPPA was written in a way that did not anticipate the current environment where streaming video is available on a multitude of devices. As more cases are filed, the limits of the statute’s scope will be tested. However, this court’s decision provides precedent for a common sense approach to determining who should be held liable under the VPPA.

Recently, the Maryland Attorney General’s Office announced that it reached a settlement with Snapchat, Inc. over alleged deceptive trade practices in violation of Maryland law and violations of federal laws that are intended to protect children’s online privacy. This is another reminder that state attorneys general’s offices will continue to be vigilant in addressing consumer privacy issues under both state and federal laws, when the federal laws permit state attorney general action.

Snapchat is a photo and video messaging app that allows users to take photos and videos, add text and drawings, and send them to selected contacts. The sent images are commonly referred to as “snaps” and users can set a time limit of up to ten seconds for how long the image will be visible to the contact. According to Snapchat, its app’s users were sending 700 million photos and videos per day in May 2014.

Maryland’s Attorney General asserted that Snapchat misled consumers when it represented that snaps are temporary and disappear after they are opened by a recipient. The Attorney General claimed that, in fact, the snaps could be copied or captured by recipients. Additionally, the Maryland Attorney General alleged that Snapchat collected and maintained the names and phone numbers from contact lists on consumers’ electronic devices, which was a practice that Snapchat had not always disclosed to consumers and to which consumers did not always consent. Lastly, the Attorney General alleged that Snapchat was aware that some users were under the age of 13, but it failed to comply with the federal Children’s Online Privacy Protection Act (“COPPA”), when it collected personal information from children without verifiable parental consent. COPPA has a provision that empowers state attorneys general to bring enforcement actions under the statute on behalf of residents of their states.

Snapchat agreed to pay the state of Maryland $100,000 to settle this case. Additionally, as part of its settlement, Snapchat agreed to not make false representations or material omissions in connection with its app. Furthermore, Snapchat is specifically enjoined from misrepresenting the temporary nature of the snaps and must disclose to users that recipients of snaps have the ability to copy the image they receive. Snapchat must also obtain affirmative consent from consumers before it collects and saves any contact information. In response to the COPPA allegations, Snapchat agreed to comply with COPPA for a period of ten years and to take specific steps to ensure that children under the age of 13 are not creating Snapchat accounts.

Snapchat has faced other actions as well. Last month, Snapchat reached a settlement with the Federal Trade Commission (“FTC”) on charges that it deceived consumers with promises about the disappearing nature of messages sent through the service. According to the FTC, Snapchat promised users that messages and images sent through the app would self-destruct and disappear in ten seconds or less despite there being ways for recipients to save the snaps. The FTC case also alleged that Snapchat told users that it did not collect information about their location when one version of the app did collect location information.

The FTC case did not include any accusation of violating COPPA, nor did it include any financial penalty. As part of the settlement, Snapchat agreed to implement privacy programs that will be subject to monitoring for 20 years and agreed not to misrepresent the confidentiality, privacy, and security of user information. Snapchat is also prohibited from misrepresenting how it maintains the privacy and confidentiality of user agreements.

On its official blog, Snapchat emphasized that its app does not retain users’ snaps and that both investigations largely revolved around how well users understood that recipients of their snaps could save their snaps. In response to the COPPA claims, Snapchat pointed out that its terms of service have always provided that the app is intended for users who are 13 years of age or older and has instituted controls to ensure it.

Mobile app companies need to be aware of the fact that they are being closely monitored by both the FTC and state attorneys general offices. In particular, any claim made by an app about consumer privacy may be scrutinized by regulators. Companies need to be prepared to justify their claims and must be forthcoming about any data that is collected from consumers. In other words: if you say you do something then you need to do it; if you say that you do not do something, do not do it. Your company does not want the FTC or a state attorney general “snapping” at your privacy practices.

We’ve all heard the statistics showing obesity rates rising in the U.S. year after year. Most of us are well aware of the billion dollar diet and weight-loss supplement industry to which millions turn with the hope of finding that one “miracle pill” to help them lose that stubborn belly fat or get rid of those unsightly love-handles. Advertisers should be aware that the Federal Trade Commission has taken an interest in advertising involving weight loss claims. In a 2011 study, the FTC concluded that weight loss product false advertising is the most common type of consumer fraud. More recently, the agency testified on the issue during a June 17, 2014 hearing before the Senate Subcommittee on Consumer Protection, Product Safety, and Insurance, in addition to several witnesses from the advertising industry.

In addition to the FTC representative, witnesses who testified at the hearing included the CEO of a natural products non-profit organization, and the president of the nation’s advertising self-regulatory body. However, one witness received the most attention and the toughest questions from Subcommittee Chair, Senator Claire McCaskill, regarding the problem of deceptive advertising of weight-loss products: television personality, and Oprah-favorite, Dr. Mehmet Oz.

When asked who the most popular television personality known to talk about green coffee bean extract, raspberry ketones, pure garcinia cambogia, or just weight loss products in general, there’s a good chance that the majority of Americans would name Dr. Oz. Despite his former days as the go-to doctor of Oprah’s talk show, and the celebrity he has become through the popularity of his own daytime television show, Senator McCaskill’s tone revealed how unimpressed she is by Dr. Oz’s “flowery” language- an adjective he used at the hearing to defend his enthusiastic statements when promoting the use of unproven weight-loss products. The Senator expressed her concern with the overreaching statements often made by the doctor, specifically his use of the words “magic” and “miracle” to describe the products he endorses on his show.

To be fair, Dr. Oz is by no means the only source of flowery language when it comes to weight-loss products. Surf the web for five minutes and at least one advertisement for an all-natural weight-loss supplement that melts away fat in a matter of days will have flashed on your screen. And in his defense, Dr. Oz does not appear to promote specific product brands on his show. He also generally adds that any weight-loss enhancement product must be supplemented by a healthy diet and regular exercise. But to Senator McCaskill and the FTC, the problem is too serious to not to make an example out of Dr. Oz, especially in light of the fact that some advertisers misleadingly use the Dr. Oz name brand (among others) for product promotion. Voltaire’s saying that with great power comes great responsibility was used more than once at the hearing.

Besides the scolding of one celebrity voice, the FTC appears to have a three-fold strategy for cracking down on what it views as misleading advertising practices.

First, the agency’s law enforcement efforts have included more than 80 weight-loss enforcement actions over the last 10 years, in addition to over $100 million amassed in consumer restitution, and that’s just since 2010. In January of this year, the FTC had its own New Year’s resolution with regard to fighting back against newer fraudulent weight-loss fads, appropriately named “Operation Failed Resolution.”

Second, the FTC also recently delivered a “Gut Check” to respected media outlets: a reference guide containing a list of fraudulent claims often used by those advertising weight-loss products. The goal of the guide is to encourage media outlets to carefully consider whether or not the endorsement of such ads is advisable.

Third, the FTC has issued numerous consumer education resources to teach and inform the public about exaggerated weight-loss product claims. Also, the same day it testified at the Senate Subcommittee hearing, the agency launched an interactive “Challenge” video and game, with the goal of helping consumers understand what’s true and what’s not when it comes to weight-loss products claiming guaranteed results without the added components of diet and exercise.

The FTC’s extensive program to fight what it views as weight-loss scams and fraudulent advertising, in addition to the Subcommittee’s admonishment of “America’s Doctor,” demonstrate that truth in weight loss advertisements remain a top priority for federal regulators and legislators. Organizations offering weight loss products should review their advertisements – whether on the Internet, in print advertisements, or elsewhere – for any potentially unsubstantiated claims. The FTC will remain vigilant regarding health and fitness claims. Advertisers need to be similarly vigilant, because there’s no magic pill that prevents expensive enforcement actions and lawsuits.

Career Education Corporation, like a host of other for-profit education companies, has found itself spinning on the courthouse revolving door. The latest legal challenge for CEC: a False Claims Act suit filed in federal court in New Jersey on May 16. The lawsuit alleges that CEC defrauded the federal government by (1) falsifying job placement statistics to exaggerate the number of graduates working in their fields of study, (2) misrepresenting accreditation status of some of its programs to remain eligible for federal funding, (3) admitting students who did not have high school diplomas or GEDs, could not speak English, or were mentally handicapped, and (4) paying bonuses to admissions staff based on enrollment numbers. Many of these allegations are familiar to CEC as well as others in the industry. Unfortunately CEC – like many other for-profit education companies – just can’t seem to free itself from the yoke of enforcement agencies and plaintiffs’ attorneys.

Last August, CEC entered a settlement agreement with the New York Attorney General’s office following an investigation into allegations of inflated job placement rates and allegations of inadequate disclosures regarding accreditation status. That agreement cost CEC $10.25 million and imposed significant reporting requirements.

The allegation of inappropriate incentive compensation for college recruiters is a popular basis for lawsuits against the for-profit education industry. In May, the Department of Justice filed a False Claims Act suit against Stevens-Henager College, Inc. for allegedly illegally compensating recruiters. These suits follow similar False Claims Act suits filed against the University of Phoenix (which settled in 2009 for a whopping $67.5 million, plus $11 million in attorneys’ fees) and Oakland City University (which settled in 2007 for $5.3 million) for their incentive compensation structures. There is also a pending False Claims Act case against Education Management Corporation with claims that largely mirror those faced by CEC.

Unfortunately for CEC and its fellow for-profit educators, settling with one entity does not necessarily mean freedom from future suits by other regulators or supposed whistleblowers. The more common scenario follows the camel under the tent: once an investigation is initiated – and publicly announced – follow-on actions ensue. The host of False Claims Act cases against the industry is a perfect example.

Part of the problem is the nature of False Claims Act cases. These suits, which are brought on behalf of the federal government by private plaintiffs (known as “relators”), are intended to help root out fraud against the government. Whistleblower relators are given incentive to file claims as they can receive significant compensation should the lawsuit succeed (or settle). For instance, the whistleblowers in the U. Phoenix settlement received $19 million in compensation; the whistleblower in the Oakland City U. settlement received $1.4 million.

The concept of False Claims Act cases seems laudable – the government cannot possibly keep track of all fraudulent claims it pays out to government contractors and other recipients of federal funds; having private actors with personal knowledge come forward to help address the problem should save the government significant sums. But the host of False Claims Act cases against the for-profit education industry defendants has produced little new or damnable information. When False Claims Act cases are brought after the news of alleged problems breaks, or after an investigation is launched, the benefit to the government is substantially diminished. The lawsuits become more about economic opportunity for enterprising litigators and relators.

Yesterday, the Federal Communications Commission (“FCC”) announced a consent decree with Sprint Corporation for federal do not call violations. Specifically, under the terms of the agreement, Sprint will make a $7.5 million “voluntary contribution” to the United States Treasury. This payment represents the largest do not call settlement reached by the FCC. Sprint also agreed to various ongoing compliance initiatives, including enhanced training and reporting requirements. Importantly, the action also serves as an important reminder on an often overlooked section of the do not call rules – the requirement that companies maintain and abide by “company-specific” or internal do not call lists.

Under the federal do not call rules, organizations making telemarketing calls to residential customers (including mobile phones) are required to scrub the federal do not call database before initiating those calls, unless the calls meet certain exceptions – the called party has an existing business relationship (“EBR”) with the caller or has provided prior express consent for the calls or the call is from a tax-exempt non-profit. Of course, as we have written before, there are additional requirements for autodialed or prerecorded calls to mobile mobiles and prerecorded telemarketing calls to residential lines.

Another, sometimes overlooked requirement is that companies making permissible calls (for instance, after scrubbing the do not call database or with an existing business relationship or prior express consent) must maintain an internal, company-specific do not call list where companies log individuals’ subsequent requests not to be called. In other words, even if a consumer has an existing business relationship or has given prior express consent to be called, once the consumer tells the company not to call again, that request trumps the existing business relationship/prior consent or the do not call scrub. This company-specific do not call request must be implemented within 30 days and honored for five years from the date the consumer made the request. (The federal do not call registration, in contrast, lasts indefinitely). A company must also have a do not call policy, available upon request.

In 2009, the FCC investigated Sprint for do not call violations relating to the company-specific do not call list. Sprint subsequently settled that enforcement action in 2011 through a consent decree (which included a $ 400,000 payment). The decree required Sprint to report to the FCC’s Enforcement Bureau, for two years, any noncompliance with the consent decree or the FCC’s company-specific do not call rules.

In March 2012, Sprint disclosed to the FCC that it had discovered additional issues involving human error and technical malfunctions relating to Sprint’s or its vendor’s do not call processes that caused potential noncompliance with consumers’ do not call or do not text preferences, or prevented the timely capture of the preferences. Sprint represented that it had subsequently implemented improvements in its do not call data management systems. It had also ceased telemarketing and text campaigns to investigate the issues. The FCC investigated Sprint’s do not call compliance and ultimately entered into this record-setting $7.5 million settlement.

Under the terms of the consent decree, in addition to the settlement payment, Sprint will designate a Compliance Officer to administer a new compliance plan and to comply with the consent decree. Sprint also must implement a compliance manual which will instruct “covered personnel” (including Sprint personnel and independent contractors who provide telemarketing services for Sprint) on Sprint’s do not call policies. The consent decree further requires Sprint to establish and maintain an annual compliance training program, and to file several compliance reports with the FCC at designated time frames. Significantly, Sprint acknowledges that actions or inactions of any independent contractors, subcontractors, or agents that result in a violation of the company-specific do not call rules or the consent constitute an act or inaction by Sprint – in other words, Sprint is specifically on the hook for third parties’ actions.

The consent decree and $7.5 million payment serve as a useful reminder of the company-specific do not call rules. Once a consumer indicates they do not wish to receive further telemarketing calls or texts, the FCC’s rules require that the telemarketer place that consumer on its internal, company-specific do not call list. This consumer requests trumps even an established business relationship or prior express consent. It can only be revoked by subsequent express consent – which we would recommend be in writing. Even if a consumer does business with your company every day, if he or she has asked not to receive telemarketing calls – don’t call! Compliance with the company-specific do not call rule means your organization does not call someone who has indicated they do not want to be called. And, it can also save your company great time, resources, and money spent defending private litigation or an FCC enforcement action. Further, if your organization utilizes third parties for telemarketing campaigns, your company should make sure the third party is taking do not call requests, logging them, and passing those to your company for future campaigns.

In a recent case in the U.S. District Court for the Eastern District of Missouri, the district court held that the plaintiff’s Telephone Consumer Protection Act (“TCPA”) claim should be dismissed. The court ruled that the plaintiff gave prior express consent when she agreed to the terms of her health insurance plan, which stated that the company could share her number with other businesses who work for the plan.

The plaintiff Suzy Elkins enrolled to receive prescription benefit management services through a group plan offered by her employer. The plaintiff then reenrolled after her employer changed plans to receive prescription management services from the Defendant, Medco Health Solutions, Inc. (“Medco”) through Coventry Health of Missouri (“Coventry”). On the reenrollment form, Elkins provided her cell phone number as her home phone number and certified that the information she provided was true and accurate. Ms. Elkins refilled several prescriptions using Medco’s retail pharmacy network.

Elkins filed a complaint alleging that the automated and prerecorded calls she received from Medco through her enrollment in her employer’s health insurance plan, Coventry, violated the TCPA’s prohibition on autodialed/prerecorded calls to mobile phones and the federal “do not call” rules. Elkins had registered her number in the federal do not call database. Elkins alleged that Medco called her cell phone twice utilizing autodialed, prerecorded calls in an attempt to sell prescription medications. Medco claimed that it was attempting to make Elkins aware of certain pharmacy benefits, such as obtaining refills at reduced prices. Both parties disputed whether the calls were actually autodialed or prerecorded, and the court did not address that issue.

Instead, the district court found that the plaintiff’s TCPA claim was barred because she gave her express prior consent to be called at the number she provided when she gave that number at the time of enrollment as hercontact number related to healthcare benefits. The court noted that the Certificate of Coverage that the plaintiff agreed to with Coventry stated that Coventry could use or share her personal information with “other businesses who work for the Plan . . . [t]o tell you about treatment options or health related services.” The Certificate of Coverage also provided that members have certain rights including the right to ask for restrictions.However, the plaintiff never provided notice requesting that she not be contacted at that number with respect to her health benefits.

The court concluded that the calls that were the basis of the complaint were made by a pharmacy benefits specialist on behalf of her existing health plan regarding the pharmacy benefits she was receiving on an ongoing basis. The court reasoned that the provision of her cell phone number reasonably evidenced prior express consent by the plaintiff to be contacted at that number regarding pharmacy benefits.

The district court also found that the plaintiff had an established business relationship with the defendant which barred liability under the “do not call” rules. The court held that it was uncontroverted that there was an established business relationship since the plaintiff had utilized Medco’s prescription benefit management services to fill twelve prescriptions in a six month period before the calls that served as the basis for the complaint.

This decision represents a victory for TCPA defendantsin that the court found that prior express consent was given by the plaintiff when she gave her phone number and agreed to the terms of the Certificate of Coverage, which authorized Coventry to share her phone number. TCPA litigation has been increasing significantly in the past few years. While this court did not address the recent changes that have gone into effect that placed stricter requirements on businesses that engage in marketing via mobile messaging and prerecorded telephone calls, this decision does serve as guidance for consent, at least to non-telemarketing calls.

It is unclear whether the consent in this case would pass muster as “prior express written” consent for prerecorded or autodialed telemarketing calls to mobile phones and residential lines under the new rules, but since the calls at issue in this case predated the new rules the court did not need to address that point. We recommend businesses obtain “prior express written” consent for TCPA-covered calls and texts, consistent with the requirements under the new rules. It is important to note, however, this this court acknowledged that express consent can be extended to third parties through the plaintiff’s agreement to the terms if those terms are sufficiently broad to cover third parties. Finally, for non-autodialed or prerecorded telemarketing calls to mobile phone and live telemarketing calls to residential lines, this case is a useful reminder that an existing business relationship still constitutes a valid defense.

Crime in the Suites is authored by the Ifrah Law Firm, a Washington DC-based law firm specializing in the defense of government investigations and litigation. Our client base spans many regulated industries, particularly e-business, e-commerce, government contracts, gaming and healthcare.